Qualys Blog

www.qualys.com

Qualys WAS 3.6 New Features

Recent news articles make it clear that the pace and scale of malicious attacks on enterprises is increasing. The challenge for organizations is how to match the increase in attacks with their ability to detect the vulnerabilities targeted by the attackers.  Further complicating the ability of enterprises to defend against these attacks is that as networks have become more hardened, attackers have increasingly turned to application level exploits that bypass network security controls like firewalls.  To combat the increased risks represented by these new realities, organizations need a way to cost effectively scan and discover all the web application vulnerabilities in their environments.  However, running a highly scalable scanning program can be a complex undertaking without tools that are easy to setup, configure and manage over time. Qualys WAS 3.6 provides organizations with the ease of use, centralized management and integration capabilities they need to keep the attackers at bay and their web applications secure.

Feature highlights include:  Support for rerunning any report with the same configuration, adding web application assets that exist for other services (like WAF), scan auto reschedule, export of links crawled, new findings and option profile APIs,  and additional usability enhancements.  Together, these new features enable organizations to support high volume and fully automated web application scanning across their complete web application portfolio.

Qualys WAS 3.6 will be released in production in late September / early October 2014 depending on the platform.  Details about the release schedule are at the end of this blog post.

Reporting

Rerun a report with same configuration:  Qualys WAS supports reports that include many different configuration capabilities including vulnerability filtering, status filtering, URL filtering,  content section selection, graph selection, etc.  Instead of setting up a new report, sometimes it is easier to just rerun a report you know has the configuration you want.  WAS 3.6 provide users with capability to rerun any report, saving users time and effort.

Rerun Report

report_run_again

Web Application Enhancements

Quickly add web applications already in your subscription:  Now you can use a shortcut for adding web applications for WAS scanning when you have already added the web asset to your subscription.  This saves you time – you can skip entering settings like web application name, URL, tags, and just enter WAS specific settings.  What web assets can I choose from? Any web asset already added to your subscription that you have access to. For example you might have a web application already defined for WAF.

Add Existing Subscription Web Applications Assets to WAS

web_app_new1

web_app_new2

Remove default authentication record:  Within web application settings you might want to set a default authentication record – just select Set as Default next to the record. This will set the authentication record automatically for future scans and schedules. Once set you can easily remove the authentication record as the default by selecting Remove Default.

Set and Remove default authentication record

web_app_auth1

web_app_auth2

Simpler way to edit your web applications:  Now you’ll use the same Edit option to edit one or more web applications.

Select web apps

web_app_list

Choose edit action

web_app_edit

Modify attributes for all web apps selected

web_app_edit_wizard

Notification when changing a locked scanner:  Changing the locked scanner setting for a web application may impact scan schedules if you’ve already defined them for the web app. We’ve added a new notification to help you understand if there are schedule conflicts, and we’ll update your schedules to use the new locked scanner if you want.

Locked Appliance Notification

web_app_locked_sa

Scanning Enhancements

Reschedule concurrency limited scans:  Qualys WAS 3.6 will automatically reschedule scans that were postponed based on reaching the maximum scan concurrency for your subscription.  This saves users from having to manually reschedule these scans.  Now we’ll reschedule your scheduled scans to relaunch 10 minutes later instead of skipping them, when you have reached your scan concurrency limit. Want to be notified when a scheduled scan is rescheduled? No problem, just opt in by selecting “Notify if scheduled scan has to be rescheduled” in the schedule settings.  We’ll try to launch the scan every 10 minutes until the scan cancel time limit is reached, as defined for the schedule or the subscription (default is 24 hours) – whichever is first.

Scan Rescheduling Notification Options

schedule_notification

Easily Export Web App Links:  Qualys WAS 3.6 enables users to easily export the links for a web application via the Sitemap.  The Web Application Sitemap gives you a convenient way to get a list of all pages/links scanned with views on the links crawled, vulnerabilities and sensitive content detected (go to Web Applications, select your web app and then View Sitemap from the Quick Actions menu). For this release we’ve added a Download option – now you can easily download the links scanned with their detection data in multiple formats.

Export Web App Links

web_app_sitemap1

web_app_sitemap1+2

Report Scan Results per Link

web_app_sitemap3b

Filter Scans by Tag:  With Qualys WAS 3.6 you can search for scans on web applications that have certain tags, or no tags assigned. When you select multiple tags we’ll find scans on web apps with at least one of the selected tags.

Filter Scans by Tags

scans_list_tags

Delete Multi-Scan after deleting all child scans:  In WAS 3.4 we added the ability to scan any number of web applications as a Multi-Scan.  Multi-Scan is a limited release so if you are interested in becoming an early adopted please contact your TAM or Qualys Support. For a Multi-Scan that’s finished you have the option to delete some or all of the individual (child) scans. If you’ve deleted individual scans and none are left, we’ll ask you whether you want to keep the parent Multi-Scan or delete it (since in this case the parent is empty and has no scan results associated with it).

Delete Childless Multi-Scan

multiscan4

multiscan5

Schedules list last scan date and status:  We’ve added 2 new columns to give you up-to-date information on your scan schedules. Scanned tells you when the last scan was launched – just hover over the date to see the time. Scan Status tells you the status of the last scan (Running, Finished, Canceled, Error, Now Host Alive, etc).

Schedules list including last scan date and status

scan_schedules

Release Schedule

For details about the release dates for specific platforms and to subscribe to release notifications by email, please see the following:

Leave a Reply